Red Hat Security Advisory 2024-5479-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and server-side request forgery vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5479.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 8.0.3 Security update  
Advisory ID:        RHSA-2024:5479-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5479  
Issue date:         2024-08-16  
Revision:           03  
CVE Names:          CVE-2024-28752  
====================================================================

Summary: 

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.2, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-8.0.z] (CVE-2024-28752)

* org.bouncycastle-bcprov-jdk18on: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) [eap-8.0.z] (CVE-2024-30171)

* netty-codec-http: Allocation of Resources Without Limits or Throttling [eap-8.0.z] (CVE-2024-29025)

* org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class [eap-8.0.z] (CVE-2024-30172)

* org.bouncycastle:bcprov-jdk18on: org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service [eap-8.0.z] (CVE-2024-29857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2024-28752

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/8.0/  
https://bugzilla.redhat.com/show_bug.cgi?id=2270732  
https://bugzilla.redhat.com/show_bug.cgi?id=2272907  
https://bugzilla.redhat.com/show_bug.cgi?id=2276360  
https://bugzilla.redhat.com/show_bug.cgi?id=2293025  
https://bugzilla.redhat.com/show_bug.cgi?id=2293028  
https://issues.redhat.com/browse/JBEAP-25224  
https://issues.redhat.com/browse/JBEAP-26018  
https://issues.redhat.com/browse/JBEAP-26696  
https://issues.redhat.com/browse/JBEAP-26790  
https://issues.redhat.com/browse/JBEAP-26791  
https://issues.redhat.com/browse/JBEAP-26792  
https://issues.redhat.com/browse/JBEAP-26802  
https://issues.redhat.com/browse/JBEAP-26816  
https://issues.redhat.com/browse/JBEAP-26823  
https://issues.redhat.com/browse/JBEAP-26843  
https://issues.redhat.com/browse/JBEAP-26886  
https://issues.redhat.com/browse/JBEAP-26932  
https://issues.redhat.com/browse/JBEAP-26948  
https://issues.redhat.com/browse/JBEAP-26961  
https://issues.redhat.com/browse/JBEAP-26962  
https://issues.redhat.com/browse/JBEAP-26966  
https://issues.redhat.com/browse/JBEAP-26986  
https://issues.redhat.com/browse/JBEAP-27002  
https://issues.redhat.com/browse/JBEAP-27019  
https://issues.redhat.com/browse/JBEAP-27055  
https://issues.redhat.com/browse/JBEAP-27090  
https://issues.redhat.com/browse/JBEAP-27192  
https://issues.redhat.com/browse/JBEAP-27194  
https://issues.redhat.com/browse/JBEAP-27261  
https://issues.redhat.com/browse/JBEAP-27262  
https://issues.redhat.com/browse/JBEAP-27327  
https://issues.redhat.com/browse/JBEAP-27356

Red Hat Security Advisory 2024-5479-03

Red Hat Security Advisory 2024-5453-03 - This is an updated version of the Fence Agents Remediation Operator. This Operator is delivered by Red Hat Workload Availability, and version 0.4.1 is now available for RHEL 8. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5453.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Fence Agents Remediation 0.4.1 - Security updateAdvisory ID:        RHSA-2024:5453-03Product:            Red Hat OpenShift Workload AvailabilityAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5453Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-5651====================================================================Summary: This is an updated version of the Fence Agents Remediation Operator. This Operator is delivered by Red Hat Workload Availability, and version 0.4.1 is now available for RHEL 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Fence Agents Remediation Operator fences and remediates nodes usingwell-known agents. The remediation includes fencing the unhealthy node,using a fencing agent, and then evicting workloads from the unhealthy node.Security Fix:* fence-agent: Fence Agent Command Line Options Leads to Remote Code Execution (CVE-2024-5651)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-5651References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2290540https://issues.redhat.com/browse/ECOPROJECT-2024

Red Hat Security Advisory 2024-5453-03

Red Hat Security Advisory 2024-5363-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5363.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:5363-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5363  
Issue date:         2024-08-16  
Revision:           03  
CVE Names:          CVE-2021-47606  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Errata Tool Automation could not update the description because it is longer (4803) than ET limit of 4000 characters. (OSCI-6058)  
Please update the description manually.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47606

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265838  
https://bugzilla.redhat.com/show_bug.cgi?id=2273405  
https://bugzilla.redhat.com/show_bug.cgi?id=2275600  
https://bugzilla.redhat.com/show_bug.cgi?id=2275655  
https://bugzilla.redhat.com/show_bug.cgi?id=2275715  
https://bugzilla.redhat.com/show_bug.cgi?id=2275748  
https://bugzilla.redhat.com/show_bug.cgi?id=2278380  
https://bugzilla.redhat.com/show_bug.cgi?id=2278417  
https://bugzilla.redhat.com/show_bug.cgi?id=2278429  
https://bugzilla.redhat.com/show_bug.cgi?id=2278519  
https://bugzilla.redhat.com/show_bug.cgi?id=2278989  
https://bugzilla.redhat.com/show_bug.cgi?id=2281057  
https://bugzilla.redhat.com/show_bug.cgi?id=2281097  
https://bugzilla.redhat.com/show_bug.cgi?id=2281133  
https://bugzilla.redhat.com/show_bug.cgi?id=2281190  
https://bugzilla.redhat.com/show_bug.cgi?id=2281237  
https://bugzilla.redhat.com/show_bug.cgi?id=2281257  
https://bugzilla.redhat.com/show_bug.cgi?id=2281265  
https://bugzilla.redhat.com/show_bug.cgi?id=2281272  
https://bugzilla.redhat.com/show_bug.cgi?id=2281639  
https://bugzilla.redhat.com/show_bug.cgi?id=2281667  
https://bugzilla.redhat.com/show_bug.cgi?id=2281821  
https://bugzilla.redhat.com/show_bug.cgi?id=2281900  
https://bugzilla.redhat.com/show_bug.cgi?id=2281949  
https://bugzilla.redhat.com/show_bug.cgi?id=2282719  
https://bugzilla.redhat.com/show_bug.cgi?id=2284400  
https://bugzilla.redhat.com/show_bug.cgi?id=2284417  
https://bugzilla.redhat.com/show_bug.cgi?id=2284474  
https://bugzilla.redhat.com/show_bug.cgi?id=2284496  
https://bugzilla.redhat.com/show_bug.cgi?id=2284511  
https://bugzilla.redhat.com/show_bug.cgi?id=2284513  
https://bugzilla.redhat.com/show_bug.cgi?id=2284543  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2293208  
https://bugzilla.redhat.com/show_bug.cgi?id=2293418  
https://bugzilla.redhat.com/show_bug.cgi?id=2293441  
https://bugzilla.redhat.com/show_bug.cgi?id=2293657  
https://bugzilla.redhat.com/show_bug.cgi?id=2293658  
https://bugzilla.redhat.com/show_bug.cgi?id=2293686  
https://bugzilla.redhat.com/show_bug.cgi?id=2293687  
https://bugzilla.redhat.com/show_bug.cgi?id=2293688  
https://bugzilla.redhat.com/show_bug.cgi?id=2297056  
https://bugzilla.redhat.com/show_bug.cgi?id=2297512  
https://bugzilla.redhat.com/show_bug.cgi?id=2297538  
https://bugzilla.redhat.com/show_bug.cgi?id=2297542  
https://bugzilla.redhat.com/show_bug.cgi?id=2297545

Red Hat Security Advisory 2024-5363-03

Red Hat Security Advisory 2024-5334-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5334.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 8.0 security updateAdvisory ID:        RHSA-2024:5334-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5334Issue date:         2024-08-16Revision:           03CVE Names:          CVE-2024-38167====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.108 and .NET Runtime 8.0.8.Security Fix(es):* dotnet: Information disclosure vulnerability in TlsStream (CVE-2024-38167)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):* EMBARGOED CVE-2024-38167 dotnet8.0: Information disclosure vulnerability in TlsStream (CVE-2024-38167)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38167References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2302428

Red Hat Security Advisory 2024-5334-03

Red Hat Security Advisory 2024-5322-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5322.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:5322-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5322  
Issue date:         2024-08-15  
Revision:           03  
CVE Names:          CVE-2024-7518  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* Firefox: 115.14/128.1 ESR ()

* mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)

* mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)

* mozilla: Type confusion in WebAssembly (CVE-2024-7520)

* mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)

* mozilla: Out of bounds read in editor component (CVE-2024-7522)

* mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)

* mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)

* mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)

* mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)

* mozilla: Use-after-free in IndexedDB (CVE-2024-7528)

* mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7518

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-5322-03

Red Hat Security Advisory 2024-5279-03 - An update for python3.11-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5279.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3.11-setuptools security updateAdvisory ID:        RHSA-2024:5279-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5279Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for python3.11-setuptools is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages.  This package also contains the runtime components of setuptools, necessary to execute the software that requires pkg_resources.Security Fix(es):* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-5279-03

Red Hat Security Advisory 2024-5231-03 - An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5231.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: bind and bind-dyndb-ldap security update  
Advisory ID:        RHSA-2024:5231-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5231  
Issue date:         2024-08-15  
Revision:           03  
CVE Names:          CVE-2024-1737  
====================================================================

Summary: 

An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam (CVE-2024-1737)

* bind9: bind: SIG(0) can be used to exhaust CPU resources (CVE-2024-1975)

* bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content (CVE-2024-4076)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1737

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2298893  
https://bugzilla.redhat.com/show_bug.cgi?id=2298901  
https://bugzilla.redhat.com/show_bug.cgi?id=2298904

Red Hat Security Advisory 2024-5231-03

Red Hat Security Advisory 2024-5160-03 - Red Hat OpenShift Container Platform release 4.15.27 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5160.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.27 security update  
Advisory ID:        RHSA-2024:5160-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5160  
Issue date:         2024-08-16  
Revision:           03  
CVE Names:          CVE-2024-6104  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.27 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.27. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:5163

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* go-retryablehttp: url might write sensitive information to log file  
(CVE-2024-6104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-6104

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://issues.redhat.com/browse/OCPBUGS-33402  
https://issues.redhat.com/browse/OCPBUGS-34721  
https://issues.redhat.com/browse/OCPBUGS-37174  
https://issues.redhat.com/browse/OCPBUGS-37229  
https://issues.redhat.com/browse/OCPBUGS-37277  
https://issues.redhat.com/browse/OCPBUGS-37288  
https://issues.redhat.com/browse/OCPBUGS-37672  
https://issues.redhat.com/browse/OCPBUGS-37775  
https://issues.redhat.com/browse/OCPBUGS-37813  
https://issues.redhat.com/browse/OCPBUGS-37849  
https://issues.redhat.com/browse/OCPBUGS-37962

Red Hat Security Advisory 2024-5160-03

Affected versions of the `alloy-json-abi` crate did not properly handle parsing of malformatted JSON ABI strings. The `JsonAbi::parse` method can be tricked into a stack overflow when processing specially crafted input. 

This stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service.

The flaw was corrected in commit [4790c47](https://github.com/alloy-rs/core/commit/4790c47518024bd391bbd6815b00f501bad76a15).


1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-8327-84cj-8xjm

**Stack overflow when parsing specially crafted JSON ABI strings**

Moderate severity GitHub Reviewed Published Aug 15, 2024 to the GitHub Advisory Database • Updated Aug 15, 2024

**Package**

cargo alloy-json-abi (Rust)

**Affected versions**

<= 0.7.7

Published to the GitHub Advisory Database

Aug 15, 2024

Last updated

Aug 15, 2024

GHSA-8327-84cj-8xjm: Stack overflow when parsing specially crafted JSON ABI strings

### Impact
Possible vulnerability to XSS injection if .po dictionary definition files is corrupted

### Patches
Update gettext.js to 2.0.3

### Workarounds
Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.


Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   GitHub Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   Explore
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-43370

**gettext.js has a Cross-site Scripting injection**

High severity GitHub Reviewed Published Aug 15, 2024 in guillaumepotier/gettext.js • Updated Aug 15, 2024

**Package**

npm gettext.js (npm)

**Affected versions**

< 2.0.3

**Description**

**Impact**

Possible vulnerability to XSS injection if .po dictionary definition files is corrupted

**Patches**

Update gettext.js to 2.0.3

**Workarounds**

Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.

**References**

*   GHSA-vwhg-jwr4-vxgg

Published to the GitHub Advisory Database

Aug 15, 2024

Last updated

Aug 15, 2024

Tag

#js